DNS over HTTPS

Overview[1]#

DNS over HTTPS (DoH) is an experimental protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol.

The IETF set up a DNS over HTTPS Working Group that will standardize encodings for DNS requests and responses that are suitable for use in HTTPS. This will enable the Domain Name System to function over certain paths where existing DNS methods (UDP, TLS RFC 7857, and DTLS RFC 8094) experience problems. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by Man-In-The-Middle attacks. As of March 2018, Google and the Mozilla Foundation are testing versions of DNS over HTTPS.

The DNS over HTTPS Working Group produced an Internet Draft: https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-14

Mozilla and DNS over HTTPS[3][4]#

Mozilla has done work in this area and has presented an Internet Draft, DNS Queries over HTTPS (DoH).

Google DNS over HTTPS#

Google's publicly implemented version of this protocol uses HTTP GET requests (over HTTPS) to access DNS information using an encoding of DNS query and result parameters represented in JSON notation.[2]

Resolve Example: https://dns.google.com/resolve?name=ldapwiki.com

Returns:

{
    "Status": 0,
    "TC": false,
    "RD": true,
    "RA": true,
    "AD": false,
    "CD": false,
    "Question": [
        {
            "name": "ldapwiki.com.",
            "type": 1
        }
    ],
    "Answer": [
        {
            "name": "ldapwiki.com.",
            "type": 1,
            "TTL": 3599,
            "data": "173.255.234.20"
        }
    ],
    "Comment": "Response from 216.239.38.106."
}

Or a query from a browser: https://dns.google.com/query?name=ldapwiki.com&type=ANY&dnssec=true

{
  "Status": 0,
  "TC": false,
  "RD": true,
  "RA": true,
  "AD": false,
  "CD": false,
  "Question": [
    {
      "name": "ldapwiki.com.",
      "type": 255
    }
  ],
  "Answer": [
    {
      "name": "ldapwiki.com.",
      "type": 1,
      "TTL": 3599,
      "data": "173.255.234.20"
    },
    {
      "name": "ldapwiki.com.",
      "type": 2,
      "TTL": 21599,
      "data": "ns-cloud-a1.googledomains.com."
    },
    {
      "name": "ldapwiki.com.",
      "type": 2,
      "TTL": 21599,
      "data": "ns-cloud-a2.googledomains.com."
    },
    {
      "name": "ldapwiki.com.",
      "type": 2,
      "TTL": 21599,
      "data": "ns-cloud-a3.googledomains.com."
    },
    {
      "name": "ldapwiki.com.",
      "type": 2,
      "TTL": 21599,
      "data": "ns-cloud-a4.googledomains.com."
    },
    {
      "name": "ldapwiki.com.",
      "type": 6,
      "TTL": 21599,
      "data": "ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 16 21600 3600 259200 300"
    },
    {
      "name": "ldapwiki.com.",
      "type": 15,
      "TTL": 3599,
      "data": "1 aspmx.l.google.com."
    },
    {
      "name": "ldapwiki.com.",
      "type": 15,
      "TTL": 3599,
      "data": "5 alt1.aspmx.l.google.com."
    },
    {
      "name": "ldapwiki.com.",
      "type": 15,
      "TTL": 3599,
      "data": "5 alt2.aspmx.l.google.com."
    },
    {
      "name": "ldapwiki.com.",
      "type": 15,
      "TTL": 3599,
      "data": "10 alt3.aspmx.l.google.com."
    },
    {
      "name": "ldapwiki.com.",
      "type": 15,
      "TTL": 3599,
      "data": "10 alt4.aspmx.l.google.com."
    },
    {
      "name": "ldapwiki.com.",
      "type": 16,
      "TTL": 3599,
      "data": "\"abuseipdb-verification=HUxMCU2D\""
    },
    {
      "name": "ldapwiki.com.",
      "type": 16,
      "TTL": 3599,
      "data": "\"v=spf1 include:_spf.google.com ~all\""
    },
    {
      "name": "ldapwiki.com.",
      "type": 16,
      "TTL": 3599,
      "data": "\"5uEQ_Id-0sFwG1Z9xgKyQUNDZ_LHaGbEaFeSMl2zM2U\""
    },
    {
      "name": "ldapwiki.com.",
      "type": 16,
      "TTL": 3599,
      "data": "\"keybase-site-verification=HXB1MaZNXrnPliaob5-xFHRapkMkF6kddUYBUDdD2So\""
    },
    {
      "name": "ldapwiki.com.",
      "type": 99,
      "TTL": 3599,
      "data": "\"v=spf1 include:_spf.google.com ~all\""
    }
  ],
  "Comment": "Response from 216.239.38.106."
}
